Skip to main content
GET
/
oauth
/
authorize
OAuth 2.1 authorization endpoint
curl --request GET \
  --url https://mcp.echozero.app/oauth/authorize

Headers

x-signature
string

HMAC-SHA256 signature: HMAC-SHA256(secretKey, timestamp + METHOD + path + body). Optional -- when omitted, HMAC verification is skipped.

x-timestamp
string

Request timestamp in epoch milliseconds. Required when x-signature is provided. Rejected if drift exceeds 5 minutes.

Query Parameters

response_type
string
required
Example:

"code"

client_id
string
required
Example:

"echozero-cli"

redirect_uri
string
required
Example:

"http://127.0.0.1:8765/callback"

scope
string
required

Space-delimited OAuth scopes mapped to MCP API scopes.

Example:

"read:agents read:strategies write:agents"

state
string
required
code_challenge
string
required
code_challenge_method
string
required
Example:

"S256"

access_token
string

User JWT access token for browserless/local flows. Prefer Authorization: Bearer in API clients.

Response

200 - undefined